Exam 500-220 topic 3 question 23 discussion

Answer A: Intrusion Detection and Prevention Intrusion detection feeds all packets flowing between the LAN and internet interfaces, and in between VLANs through the SNORT® intrusion detection engine, and logs the generated alerts to the Security Report. You can export these alerts via Syslog. referance: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection

A is the correct answer. From this: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Intrusion_Detection_and_Prevention Intrusion Detection and Prevention In both IDS and IPS modes the following is inspected: all traffic between LAN and Internet (this is both modes, IPS/IDS) all traffic between VLANS (this is both modes, IPS/IDS) In both IDS and IPS modes the following is not inspected: INTRA-VLAN traffic (where Client 1 and Client 2 are both in the same VLAN)

Correct: A

A IS THE CORRECT ANSWER

Answer A (as only IDS/IPS applies to inter-vlan routing, AMP 'only' inspects HTTP traffic)

If you’re passing traffic between VLANs then the MX firewalls apply as well as the IDS/IPS rules, but not the AMP - that only applies to traffic arriving directly on the WAN/internet port.

Pros: You can offload routing tasks from the Cisco Meraki MX security appliance. Inter-VLAN traffic uses less hops. Cons: Inter-VLAN traffic does not reach the Cisco Meraki MX security appliance, so the appliance cannot filter this traffic. Correct answer: A With this design option, the security features of the Cisco Meraki MX security appliance, such as IDS and IPS, are not used for inter-VLAN traffic.

@DRHoppo MX LAN traffic across subnets (inter-VLAN) goes through Firewall, AMP, and IPS. • IPS is unlikely to trigger since most of the signatures are designed for Inbound Services • AMP is unlikely to see much inter-VLAN traffic because it is only checking HTTP traffic and most malware files moving across a LAN are not going over HTTP.